--- 1/draft-ietf-lsr-ospf-prefix-originator-04.txt 2019-11-24 22:13:13.115350799 -0800 +++ 2/draft-ietf-lsr-ospf-prefix-originator-05.txt 2019-11-24 22:13:13.147351614 -0800 @@ -1,24 +1,24 @@ LSR Working Group A. Wang Internet-Draft China Telecom Intended status: Standards Track A. Lindem -Expires: March 15, 2020 Cisco Systems +Expires: May 28, 2020 Cisco Systems J. Dong Huawei Technologies P. Psenak K. Talaulikar Cisco Systems - September 12, 2019 + November 25, 2019 OSPF Prefix Originator Extension - draft-ietf-lsr-ospf-prefix-originator-04 + draft-ietf-lsr-ospf-prefix-originator-05 Abstract This document defines Open Shortest Path First (OSPF) encodings to advertise the router-id of the originator of inter-area prefixes for OSPFv2 and OSPFv3 Link-State Advertisements (LSAs). The source originator is needed in several multi-area OSPF use cases. Status of This Memo @@ -28,21 +28,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on March 15, 2020. + This Internet-Draft will expire on May 28, 2020. Copyright Notice Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -51,32 +51,35 @@ include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Conventions used in this document . . . . . . . . . . . . . . 3 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Inter-Area Prefix Source Advertisement Use Cases . . . . . . 4 - 5. Prefix Source Router-ID sub-TLV . . . . . . . . . . . . . . . 5 - 6. Elements of Procedure . . . . . . . . . . . . . . . . . . . . 6 - 7. Security Considerations . . . . . . . . . . . . . . . . . . . 6 - 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 - 9. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 7 - 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 - 10.1. Normative References . . . . . . . . . . . . . . . . . . 7 - 10.2. Informative References . . . . . . . . . . . . . . . . . 9 - Appendix A. Inter-Area Topology Retrieval Process . . . . . . . 9 + 5. External Prefix Source Advertisement Use Cases . . . . . . . 5 + 6. Prefix Source Router-ID sub-TLV . . . . . . . . . . . . . . . 6 + 7. Elements of Procedure . . . . . . . . . . . . . . . . . . . . 7 + 7.1. Inter-Area Prefixes . . . . . . . . . . . . . . . . . . . 7 + 7.2. External Prefixes . . . . . . . . . . . . . . . . . . . . 7 + 8. Security Considerations . . . . . . . . . . . . . . . . . . . 7 + 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 + 10. Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . 8 + 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 + 11.1. Normative References . . . . . . . . . . . . . . . . . . 9 + 11.2. Informative References . . . . . . . . . . . . . . . . . 10 + Appendix A. Inter-Area Topology Retrieval Process . . . . . . . 10 Appendix B. Special Considerations on Inter-Area Topology - Retrieval . . . . . . . . . . . . . . . . . . . . . 10 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 + Retrieval . . . . . . . . . . . . . . . . . . . . . 11 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 1. Introduction [I-D.ietf-ospf-mpls-elc] defines mechanisms to advertise Entropy Readable Label Depth (ERLD) for ingress Label Switching Routers (LSR) to discover other LSR's capability of performing Entropy Label based load-balancing in MPLS networks. The ingress LSR can use this information to construct the appropriate label stack for specific traffic requirements, especially in segment routed networks and other deployments requiring stacked LSPs. @@ -115,40 +118,42 @@ rebuild the inter-area topology. [RFC7794] introduces the Intermediate System to Intermediate System (IS-IS) "IPv4/IPv6 Source Router IDs" Type-Length-Value (TLV) to advertise the source of prefixes leaked from a different IS-IS level. This TLV can be used in the above scenarios. Such solution can also be applied in networks that run the OSPF protocol, but existing OSPF LSAs TLVs must be extended to include the router originating the prefix. - This draft provides such solution for the OSPFv2 and OSPFv3 - protocols. + This draft provides such solution for the OSPFv2 [RFC2328] and OSPFv3 + [RFC5340] protocols. 2. Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 3. Terminology The following terms are used in this document: o ABR: Area Border Router + o ASBR: Autonomous System Border Router o ERLD: Entropy Readable Label Depth o EL: Entropy Label + o IS-IS: Intermediate System to Intermediate System o LSA: Link-State Advertisement o MSD: Maximum SID Depths o NLRI: Network Layer Reachability Information o OSPF: Open Shortest Path First @@ -192,56 +197,87 @@ another area, it should know the ERLD and MSD values associated with the node T1, and then construct the right label stack at the ingress node for traffic destined to prefix Lt1. In another scenario, If R0 has some method to learn the originator of network N1 and reports such information to IP SDN controller, then it is possible for the controller to reconstruct the topology in the non-backbone areas. The topology reconstruction process and its limitations are described in the Appendix A and Appendix B. - From the above scenarios, we can conclude it is useful to define the - OSPF prefix originator sub TLV . +5. External Prefix Source Advertisement Use Cases -5. Prefix Source Router-ID sub-TLV + Figure 2 illustrates a topology where OSPF is running in different + domain that is connected by an Autonomous System Border Router + (ASBR). A, B, and C are routers in the Domain 1; C, D, and E are + routers in Domain 2. Router C is the ASBR between the two domains. + + When router E receives an external prefix, it will redistribute it as + an AS-External LSA within domain 2. When C receives such LSA, the + originator information for such external prefix will be lost when it + encodes the prefix information with the current LSA format field. In + some situations, it will be helpful if C can advertise such + originator information. + + +-------------------------------------------------------------------+ + | | External Prefix | + | +---+ +---+ +---+ +---+ +-|-+ | + | | A +-------+ B +----------| C +---------+ D +---------+ E |------| + | +---+ +---+ +---+ +---+ +---+ | + | Domain 1 | Domain 2 | + +-------------------------------------------------------------------+ + + Figure 2: OSPF External Prefix Originator Scenario + + From the above scenarios, we can conclude that it is useful to define + the OSPF prefix originator sub TLV . + +6. Prefix Source Router-ID sub-TLV [RFC7684] and [RFC8362] respectively define TLV-based LSAs for OSPFv2 and OSPFv3. These documents facilitate addition of new attributes for prefixes and provide the basis for a sub-TLV to advertise the "Prefix Source Router ID". For OSPFv2, this sub-TLV is a sub-TLV of OSPFv2 Extended Prefix TLV which SHOULD be included in the "OSPFv2 Extended Prefix Opaque LSA" [RFC7684] for inter-area prefixes. For OSPFv3, this sub-TLV is a sub-TLV of "Inter-Area-Prefix TLV", which SHOULD be included in the "E-Inter-Area-Prefix-LSA" [RFC8362]. The "Prefix Source Router-ID" sub-TLV has the following format: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Prefix Source Router-ID | +---------------------------------------------------------------+ - Figure 2: Prefix Source Router-ID sub-TLV Format + Figure 3: Prefix Source Router-ID sub-TLV Format - o Source Router-ID Sub-TLV Type: TBD1 [RFC7684] or TBD2 [RFC8362] + o Source Router-ID Sub-TLV Type: 4 (IANA TEMPORARY allocation) + [RFC7684] or 27 (IANA TEMPORARY allocation) [RFC8362] o Length: 4 o Value: Router-ID of OSPFv2/OSPFv3 router that is the source of the prefix. This sub-TLV provides the same functionality as the IS-IS "IPv4/IPv6 Source Router" TLV defined in [RFC7794]. -6. Elements of Procedure +7. Elements of Procedure + + The following sections describe the procedure to include the newly + defined "Source Router-ID Sub-TLV" in the related LSA for inter-area + prefixes and external prefixes respectively. + +7.1. Inter-Area Prefixes When an ABR, for example R2 in Figure 1, receives a Router-LSA advertisement in area 2, it SHOULD originate the corresponding "OSPFv2 Extended Prefix Opaque LSA" for OSPFv2 or "E-Inter-Area- Prefix-LSA" for OSPFv3 that includes the Source Router-ID sub-TLV for the network prefixes. For example, to identify the source router prefix Lt1 and other inter-area prefixes in Figure 1. When a router in another area, e.g., S1, receives such LSA, it then can ascertain that prefix Lt1 is associated with node T1 and obtain @@ -251,88 +287,107 @@ When a router in another area, e.g., R0, receives such LSA, it learns the Prefix Source Router-id and includes it in the prefix information advertised to an SDN controller as described in [I-D.ietf-idr-bgp-ls-segment-routing-ext]. The SDN controller can then use such information to build the inter-area topology according to the process described in the Appendix A. The topology retrieval process may not suitable for some environments as stated in Appendix B. -7. Security Considerations +7.2. External Prefixes + + When an ASBR, for example C in Figure 2, receives an AS-External LSA + for an external prefix in domain 2, it SHOULD extract the originator + information from the "Advertising Router" field from the LSA header. + When the prefix is advertised into domain 1 as an AS-External LSA, + router C may also advertise the Source Router-ID using a AS-scoped + OSPFv2 Extended Prefix Opaque LSA or as a Sub-TLV in the OSPFv3 AS- + External LSA. + +8. Security Considerations Since this document extends the "OSPFv2 Extended Prefix LSA" and "OSPFv3 E-Inter-Area-Prefix LSA", the security considerations for [RFC7684] and [RFC8362] are applicable. Modification of the "Prefix Source Sub-TLV" could be used for a Denial-of-Service attack and could inhibit the use cases described in Section 4. If the OSPF domain is vulnerable to such attacks, OSPF authentication should be used as defined for OSPFv2 in [RFC5709] and [RFC7474] and for OSPFv3 in [RFC7166]. Additionally, advertisement of the prefix source for inter-area prefixes facilitates reconstruction of the OSPF topology for other areas. Network operators may consider their topologies to be sensitive confidential data. For OSPFv3, IPsec can be used to provide confidentiality [RFC4552]. Since there is no standard defined for native OSPFv2 IPsec, some form of secure tunnel is required to provide confidentiality. -8. IANA Considerations +9. IANA Considerations This specification defines the Prefix Source Router-ID sub-TLV as - described in Section 5. This value should be added to the both + described in Section 6. This value should be added to the both existing "OSPFv2 Extended Prefix TLV Sub-TLVs" and "OSPFv3 Extended- LSA Sub-TLVs" registries. The following sub-TLV is added to the "OSPFv2 Extended Prefix TLV Sub-TLVs" registry. The allocation policy is IETF Review as defined in [RFC7684] +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Code Point | Description | Status | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - | TBD | Prefix Source Sub-TLV | Allocation from IANA | + | 4 | Prefix Source Sub-TLV | Allocation from IANA | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - Figure 3: Code Point in "OSPFv2 Extended Prefix TLV Sub-TLVs" + Figure 4: Code Point in "OSPFv2 Extended Prefix TLV Sub-TLVs" The following sub-TLV is added to the "OSPFv3 Extended-LSA Sub-TLVs" registry. The allocation policy is IETF Review as defined in [RFC8362] +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Code Point | Description | Status | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - | TBD | Prefix Source Sub-TLV | Allocation from IANA | + | 27 | Prefix Source Sub-TLV | Allocation from IANA | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - Figure 4: Code Point in "OSPFv3 Extended-LSA Sub-TLVs" + Figure 5: Code Point in "OSPFv3 Extended-LSA Sub-TLVs" -9. Acknowledgement +10. Acknowledgement Many thanks to Les Ginsberg for his suggestions on this draft. Also thanks to Jeff Tantsura, Rob Shakir, Gunter Van De Velde, Goethals - Dirk, Shaofu Peng, and John E Drake for their valuable comments. + Dirk, Smita Selot, Shaofu Peng, and John E Drake for their valuable + comments. -10. References +11. References -10.1. Normative References +11.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . + [RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, + DOI 10.17487/RFC2328, April 1998, + . + [RFC4552] Gupta, M. and N. Melam, "Authentication/Confidentiality for OSPFv3", RFC 4552, DOI 10.17487/RFC4552, June 2006, . + [RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF + for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008, + . + [RFC5709] Bhatia, M., Manral, V., Fanto, M., White, R., Barnes, M., Li, T., and R. Atkinson, "OSPFv2 HMAC-SHA Cryptographic Authentication", RFC 5709, DOI 10.17487/RFC5709, October 2009, . [RFC7166] Bhatia, M., Manral, V., and A. Lindem, "Supporting Authentication Trailer for OSPFv3", RFC 7166, DOI 10.17487/RFC7166, March 2014, . @@ -363,33 +418,33 @@ [RFC8362] Lindem, A., Roy, A., Goethals, D., Reddy Vallem, V., and F. Baker, "OSPFv3 Link State Advertisement (LSA) Extensibility", RFC 8362, DOI 10.17487/RFC8362, April 2018, . [RFC8476] Tantsura, J., Chunduri, U., Aldrin, S., and P. Psenak, "Signaling Maximum SID Depth (MSD) Using OSPF", RFC 8476, DOI 10.17487/RFC8476, December 2018, . -10.2. Informative References +11.2. Informative References [I-D.ietf-idr-bgp-ls-segment-routing-ext] Previdi, S., Talaulikar, K., Filsfils, C., Gredler, H., and M. Chen, "BGP Link-State extensions for Segment Routing", draft-ietf-idr-bgp-ls-segment-routing-ext-16 (work in progress), June 2019. [I-D.ietf-ospf-mpls-elc] - Xu, X., Kini, S., Psenak, P., Filsfils, C., and S. - Litkowski, "Signaling Entropy Label Capability and Entropy - Readable Label-stack Depth Using OSPF", draft-ietf-ospf- - mpls-elc-09 (work in progress), September 2019. + Xu, X., Kini, S., Psenak, P., Filsfils, C., Litkowski, S., + and M. Bocci, "Signaling Entropy Label Capability and + Entropy Readable Label-stack Depth Using OSPF", draft- + ietf-ospf-mpls-elc-12 (work in progress), October 2019. [RFC7752] Gredler, H., Ed., Medved, J., Previdi, S., Farrel, A., and S. Ray, "North-Bound Distribution of Link-State and Traffic Engineering (TE) Information Using BGP", RFC 7752, DOI 10.17487/RFC7752, March 2016, . Appendix A. Inter-Area Topology Retrieval Process When an IP SDN Controller receives BGP-LS [RFC7752] information, it